Bugtraq mailing list archives

Page table protection on Intel

From: thalakan () TECHNOLOGIST COM (Jason Spence)
Date: Fri, 26 Nov 1999 14:08:25 -0800


In followup to the discussion about page protection on the
Intel architecture, I got out a copy of the Linux kernel
source and started poking through it.  There's a comment in
include/asm-i386/pgtable.h with all the #defines for the
bit values in the protected mode pages which says that
the x86 can't distinguish between execute and read for pages.
It also says that write permissions imply read permissions.

Looking at it more closely, I don't think that it is
feasable to efficiently do either write-only or
read-but-not-execute in the x86's page table system.
Go get a copy of the latest revision of the Intel
software developer's manual, section 3, and look at page
3-14, which lays out the protection rules for *segments*,
not pages.  There is no execute protection for individual
pages, only write protection.

Current thread:

Re: WordPad/riched20.dll buffer overflow, (continued)
- Re: WordPad/riched20.dll buffer overflow Bronek Kozicki (Nov 18)
- Re: WordPad/riched20.dll buffer overflow Gerardo Richarte (Nov 18)
  - Re: WordPad/riched20.dll buffer overflow Gerardo Richarte (Nov 24)
  - (no subject) Swen Persson (Nov 24)
  - Re: WordPad/riched20.dll buffer overflow Gerardo Richarte (Nov 24)
    - Re: WordPad/riched20.dll buffer overflow pedward () WEBCOM COM (Nov 26)
    - Re: WordPad/riched20.dll buffer overflow Christopher Rhodes (Nov 26)
    - Re: WordPad/riched20.dll buffer overflow Glynn Clements (Nov 27)
    - SCO su patches Alfred Huger (Nov 28)
    - Solaris7 dtmail/dtmailpr/mailtool Buffer Overflow UNYUN (Nov 29)
    - Page table protection on Intel Jason Spence (Nov 26)
    - SuSE Security Announcement - new security tools Marc Heuse (Nov 26)
    - 3Com cable modems / Mediaone Signal 11 (Nov 27)
    - Re: 3Com cable modems / Mediaone Joseph W. Breu (Nov 29)
    - NTmail and VRFY George (Nov 30)
    - Netscape Communicator 4.7 - Navigator Overflows Mike Boto (Nov 27)
    - Re: WordPad/riched20.dll buffer overflow Crispin Cowan (Nov 27)
    - Re: WordPad/riched20.dll buffer overflow Solar Designer (Nov 29)
    - Re: WordPad/riched20.dll buffer overflow Casper Dik (Nov 30)
    - Default IE 5.0 security settings allow frame spoofing Georgi Guninski (Nov 30)
    - Re: WordPad/riched20.dll buffer overflow Jason Spence (Nov 28)

(Thread continues...)